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ABSTRACT 



A system and method is disclosed for tracking a user across 
both secure and non-secure areas on an Internet and/or 
Intranet site. In one aspect of the system and method, when 
a user first accesses a non-secure area, such as a public area, 
the user is assigned a token, such as a globally-unique 
identifier (GUID). The token is used as a key to a database 
entry on a server computer for tracking the user in non- 
secure areas. W hen the user first accesses a secure area, the 
user is prompted" to enter a user identification and a pa^ 
word. The user identification is then used as the key to the 
database entry, rather than the token, me server men uses 
t ne user lacnimcation to track the user across both secure 
a nd non-secure areas , 

25 Claims, 5 Drawing Sheets 
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TRACKING A USER ACROSS BOTH 
SECURE AND NON-SECURE AREAS ON 
THE INTERNET, WHEREIN THE USERS IS 
INITIALLY TRACKED USING A GLOBALLY 
UNIQUE IDENTIFIER 

HELD OF THE INVENTION 

This invention relates generally to tracking a user on a 
computer network, such as an Internet or Intranet network. 



customization options relating to news, sports, 
entertainment, etc. Based on the options the xiser selects, the 
docvmient only displays content related to those selected 
options. Moreover, the site retains the user-selected options 
so that the customization information is re -displayed when 
the user re -accesses the same document at a later time. 
Storing information relating to user activity or storing cus- 
tomization information for a user is called "tracking" a user. 
Users want to ensure that a site is not tracking an imper- 



4, "*f>- 



and, in particular, to tracking » user across secure and 1° senator of the user, thereby providing the impersonator with 
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access to the user's private customization options. 

To store user information, such as customization 
information, many sites have a database entry for each user, 
that is accessible using globally unique identifiers 
IS ("GUID'% The GUID is a 128-bit string that uniquely 
identifies each user. The GUID is created by a server when 
a u ser first accesses a web site and is stored on the clien t 
computer in a s mall amount of local storage (i.e., local to tEc 
client computer^ ottcn called a " cookie." When a user 
returns to the web site, the br owser searches local storage to 
d etermine if it has a cookie for that web site. If so, the 
browser transmits the cookie to the server . Typically, 
however, GUIDs are only used to track users in non-secure 
areas. In secure areas, on the other hand, sites track the 
25 user's activity using the user identification (rather than the 
GUID) that was entered by the user to access the secure area. 

These differing techniques for tracking the user across 
secure and non-secure areas require multiple data storage 
areas for a single user. Rdaintaining such multiple storage 
areas is expensive, especially considering the volume of 
users accessing Internet sites. Additionally, storing user 
information in a database entry based on the user identifi- 
cation provides little security, as a user identification is often 
easy to guess (i.e., many users use their first name or their 
spouses name as a user identification). Storing user infor- 
mation based on the GUID also has problems since the 
GUID uniquely identifies a client computer and not the user. 
For example, if the user connects to a site from different 
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non-secure areas within a site on the computer network. 

BACKGROUND AND SUMMARY OF THE 
INVENTION 

The Internet is a well-known, global network of coopera- 
tively interconnected computer networks. The world-wide 
web portion of the Internet is a collection of server com- 
puters (referred to as "sites") that store documents which are 
typically accessible by the public. The Intranet uses similar 
protocols and has a similar user interface to the Internet. The 
Intranet, however, restricts access to a network by users 
outside of a defined group, such as users who are not 
employees of a coiporation. Hereinafter, any description of 
the Internet also is applicable to Intranet, unless otherwise 
specified. 

Software generally known as "browsers" is now in wide- 
spread use for retrieving (also known as "downloading*') 
documents (also known as "web pages") from the world- 
wide web and viewing such documents in hyper-text markup 
language (HIML) format These HTML documents gener- 
ally include text, HTML "tags" that specify the format of a 
document, and links (referred to as "hyper-links") that point 
to related documents on the network and other files con- 
taining information (e.g., sound, images, video, etc.) to be ^5 
combined into the document. In use, a browser allows a user 
to navigate (also known as "browse") between documents 
and sites on the world-wide web. 

Software object components also may be incorporated ^ . , , v , • 

into the HTML documents for displaying executable 40 computers (e.g^, home and work computers), the site will 
content, such as for animaUons or information processing. ^^^^^ "^^t?*^ database entries for a single user smce each 
Currently, most Internet browsers support embedded soft- ^«°^P^^^^ ^as a different GUID associated with it. 
ware object components in the fonm of ActiveX controls, To overcome these shortcomings, a system and method is 
Java applets, and Visual Basic Scripts. These software object provided for tracking a user across both secure and non- 
components are inserted into HTML documents using the 45 secure areas on an Int£metand/or Intranet site using a single 
<Insert> or <Object> HTML tags. d a t abase entry. Acflitionally, the system and method pro- 

Security on Internet and Intranet sites is becoming vlSes a neighlcncd level of security in non-sccurc areas, 
increasingly important For example, sites may contain In one aspect of the invention, when a user first accesses 

public information, which anyone can access, and propri- a non-secure area on a site, such as a public area, t he user is 
etary information, which only selected users can access. 50 assigned a toi^cn- s uch as a GUID, that uniquely represents 
Accordingly, some sites are now maintaining non-secure t he user^ llie token is used as a key to a database entry 



and secure areas. A non-secure area includes a public area, 
in which a user can browse without restrictions, and a 
private area that is open to users passing through a one-time 
registration process. A secure area, on the other hand, 55 
requires a user to enter a user identification and a password 
each time the user enters the secure area. While the private 
and secure areas provide at least some level of security, the 
public are a provides no security whatsoever. 

In some situations, users that are accessing sites also 60 
desire .security so that they are not impersonated by other 
users. For example, many sites are storing information 
relating to a user's browsing characteristics, such as what 

links the user activated, how often the user accesses the site, 

and how long the user remained on a particular web page, 65 database entry. W hen the user accesses me site and the sit e 
Additionally, sites may store customization information. For re ceives the cookie irom me client computer, the copy ot the 
example, a document may be displayed to the user having token in the database entry is compared to the token store'd 



associated with the tiser on the site, as described above . 
\Vtien the user nrst accesses a secure area on the same site, 
the user is prompted to enter a user identification and a 
password. After receiving this infonmation, the site uses the 
uger Identification, rather than the token, as the key to the 
database entry across both non-secure and secure areas. The 
user identification is then st ored in a cookie and is received 
by the site each time the client computer passes the cookie 
to the site. Thus, using the user identification as a key, only 
one database entry is needed to track users across both 
non-secure and secure areas. 

In another aspect of the invention, njTj^^^^nnl 'r^^'iirity is 
provided by storing a copy of the token in the associated 
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in the cooki e. If the tokens match, then the user is considered As is familiar to those skilled in the art, the computer 

authentic. The user may then be provided with documents system 20 further includes an operating system and at least 

that are customized according to customization information one application program. The operating system is the set of 

stored in the user's is database entry. If the tokens do not software which controls the computer system's operation 

match, either an error is generated or the user is provided s and the allocation of resources. The application program is 

with generic, uncustomized documents. the set of software that performs a task desired by the user, 

Additional features and advantages of the invention will ^sing computer resources made available through the oper- 

be made apparent from the following detailed description of ating system. Both arc resident in the illustrated memory 

an illustrated embodiment which proceeds with reference to system 26. Preferably, the operating system employs a 

the accompanying drawings. graphical user interface where the display output of an 

application program is presented in a rectangular area 

BRIEF DESCRIPTION OF THE DRAWINGS (sometimes referred to as a "window") on the screen of the 

^ . , - . output device 30 and is also multi-tasking (allowing appli- 

HG. 1 IS a block diagram of a computer system used to ^^^.^^ programs to execute computing tasks in multiple 

implement a method and apparatus embodymg the mven- ^^^^^^^ ^ Microsoft CorporaUon's Windows® 95 or 

Windows® NT operating system, IBM's OS/2 Warp oper- 

HG. 2 is a block diagram of the computer system of HG. ating system, Apple's Macintosh System 7 operating 

1 connected to a remote computer network (e.g., the system, X-Windows, etc. 

Internet) for locally browsing electronic documents residing accordance with the practices of persons skilled in the 

at a remote computer site. 20 art of computer programming, the present invention is 

FIG. 3 is a flow diagram of a tracking method according described below with reference to acts and symbolic repre- 

lo the invention for tracking a user prior to and upon entering sentations of operations that are performed by computer 

a secure area on the remote computer site. system 20, unless indicated otherwise. Such acts and opera- 

FIG, 4 is a flow diagram of steps taken by the tracking tions are sometimes referred to as being computer-executed, 

method after the user enters a secure area. 25 It will be appreciated that the acts and symbolically repre- 

HG. 5 is a flow diagram of a tracking method, for tracking ^^"^^^ operations include the manipulatbn by the CPU 24 of 

a user across both non-secure and secure areas after the user ^1^^^"^^^ ^^5°?^ represenUng data bits which causes a 

accesses a secure area. resulting transformation or reduction of the electncal signal 

representation, and the maintenance of data bits at memory 

DETAILED DESCRIPTION OF AN 30 locations in memory system 26 to thereby reconfigure or 

EMBODIMENT otherwise alter the computer system's operation, as well as 

Overview of Client and Server Computers other processing of signals. The memory locations where 

Referring to FIG. 1, an operating environment for an data bits are maintained are physical locations that have 

illustrated embodiment of the present invention is a com- particular electrical, magnetic, or optical properties corre- 

puter system 20 with a computer 22 that comprises at least 35 sponding to the data bits, 

one high speed processing unit (CPU) 24, in conjunction System Overview 

with a memory system 26, an input device 28, and an output FIG. 2 shows a browsing environment 50 in which 

device 30. These elements are interconnected by at least one computer 20 (FIG. 1) as a client runs software, referred to 

bus structure 32. herein as a "browser," for unified browsing of electronic 

The illustrated CPU 24 is of familiar design and includes 40 documents and other data from local sources (e.g., the 
an ALU 34 for performing computations, a collection of secondary storage 42 of FIG. 1) and from a remote computer 
registers 36 for temporary storage of data and instructions, network 52. The browser can be integrated with the oper- 
and a control unit 38 for controlling operation of the system ating system software, or can be separate application soft- 
20. The CPU 24 may be a processor having any of a variety ware. The illustrated remote computer network 52 may be 
of architectures including Alpha from Digital, MIPS from 45 the Internet or the Intranet. In the illustrated browsing 
MIPS Technology, NEC, IDT, Siemens, and others, x86 environment 50, the computer 20 connects to the computer 
from Intel and others, including Cyrix, AMD, and Nexgen, network 52 over a telephone line 54 with a modem 56. Other 
and the PowerPC from IBM and Motorola. physical connections to the computer network alternatively 

The memory system 26 generally includes high-speed can be used, such as an ISDN, Tl or like high speed 

main memory 40 in the form of a medium such as random 50 telephone line and modem, a television cable and modem, a 

access memory (RAM) and read only memory (ROM) semic satellite link, an optical fiber link, an Ethernet or other local 

onductor devices, and secondary storage 42 in the form of area network technology wire and adapter card, radio or 

long term storage mediums such as floppy di^, hard disks, optical transmission devices, etc. The invention can alter- 

tape, CD-ROM, flash memory, etc. and other devices that natively be embodied in a browsing environment for other 

store data using electrical, magnetic, optical or other record- 55 public or private computer networks, such as a computer 

ing media. The main memory 40 also can include video network of a commercial on-line service or an internal 

display memory for displaying images through a display corporate local area network (LAN), an intranet, or like 

device. Those skilled in the art will recognize that the computer network. 

memory 26 can comprise a variety of alternative compo- Documents for browsing with the illustrated browser can 
ncnts having a variety of storage capacities. 60 reside as files of a file system stored in the computer's 
The in put and output devices 28, 30 also are familiar. The secondary storage 42 (FIG. 1), or reside as resources at a 
input device 28 can comprise a keyboard, a mouse, a remote computer 58 (also referred to as a "site" or server) 
physical transducer (e.g., a microphone), etc. The output connected to the computer network 52, such as a World- 
device 30 can comprise a display, a printer, a transducer Wide Web site on the Internet. The illustrated document 60 
(e.g., a speaker), etc. Some devices, such as a network 65 residing at the site 58 conforms with HTML standards, and 
interface or a modem, can be used as input and/or output may include extensions and enhancements of HTML stan- 
devices. dards. However, the iUustrated browser also can browse 
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documents having other data formats (e.g., Microsoft® 'User' and the content or value can be a 128-bit GUID 

Word documents, etc) from the computer 20 or remote referenced to the time the user accesses the network address, 

computer 58, In conformance with HTML, the illustrated expiresoDATE 

document 60 can incorporate other additional information This attribute specifies an expiration date for selected 

content 62, such as images, audio, video, executable $ information within the client identifier After expiration, the 

programs, etc. (hereafter simply "images" 62), which also information within the cUent identifier is no longer stored or 

reside at the remote computer 58. The document 60 and returned to the server at the originating network address. The 

images 62 preferably are stored as files in a file system of the DATE is formatted as: 

remote computer 58. The document 60 incorporates the Wdy, DD-Mon-YYYY HH:MM:SS GMT 

images 62 using HTML tags that specify the location of files jf Attribute is not set, then the information within the 

or other Internet resource contammg the miages on the ^Uent identifier expires immediately after leaving the sped- 

Inlernet 52. network address. Accordingly, this attribute is set to 

When used for browsmg documents, the illustrated ^llow customization information to be retrieved for a user 

browser displays the document in a window 68 or rectan- during subsequent accesses of the specified network 

gular area of the computer's display 30 allocated to the addresses, 

browser by the operating system. The illustrated window 68 domain=DOMAIN NAME 

comprises a frame 70, a document display area 72, and user xhjs attribute specifies a top level or "tail" domain to be 

interface controls 74. The browser displays the document initially examined when searching for a vaUd cUent identi- 

within the document display area 72 of the window 68. f^^^^ -phe top level or "tail" domain requires at least three 

Client Identifier 20 periods, such as ".custora.home.uk," except that only two 

When the client computer 20 connects to the server 58, a periods are required in the top level domains "com", "edu", 

token, such as a GUID, is assigned to the client and stored u^^^.^ u.^^"^ "juil", "net", and "org". AcUent identifier with 

locally as a client idenUfier (not shown), often called a ^ matching top level domain match proceeds to path match- 

"cookie," as is further described below. A database entry is j^g. The default value of this attribute is the host name of the 

also created and stored on the server computer 58 to track ^5 server generating the cUent identifier, 

user activity as the user browses throtigh different areas on path-PATH 

the server computer. By "tracking" it is meant that selected -phe path attribute specifies the network addresses (e.g., 

characteristics of the user's browsing activities are recorded uRLS) within a domain for which the client identifier is 

or the user is provided with customization information that ^^lid (i.e., returned by the browser on user cHent 20 when 

was previously stored. Such information is stored in the 30 the specified network address is requested or accessed), llie 

database entry and the token is used as a key for accessing formal for this attribute is 'path=/foo', and the client iden- 

the database entry. Use of a key in a database is well tifier is returned only if the browser requests a network 

understood in the art as being an attribute that is chosen as address (e.g., URL) in the path Vfoo' or lower, such as 

the primary means of accessing an entity (e.g., the database Vfoo/default*. The most general specification is *path=/\ If 
entry). 

35 this attribute is not specified, the default path is the same as 

A dient identifier or cookie is generally arbitrary text p^th for the document with which the client identifier is 

information (e.g., of up to 255 characters) returned to user associated, 

client 20 by server 58 when it is accessed by user client 20. secure 

The information includes one or more network addresses jf attribute is set, the cUent identifier is transmitted 

(e.g., Uniform Resource Locators, URLs) indicating servers ^^^^ ^hent 20 only if the communication channel with 

that the user accessed using the browser. Such information ^^^^^j. 55 ^^cure (e.g., utUizing a secure socket layer). If 

is stored in the client identifier on client 20. On subsequent ^^^^ attribute is not specified, the client identifier is sent 

accesses of any of the specified network addresses by the regardless of the security of the channel, 

browser on user client 20, selected information in the client Method of Tracking Prior to Entering the Secure Area 

identifier is returned to server 58. A benefit of using a client 45 Turning to FIG. 3, the illustrated site 58 includes a 

identifier to carry the informaUon is that it is automatic and non-secure area 76 and a secure area 78. The non-secure area 

transparent to the user includes a public area and may also include a private area, 

A client identifier is specified by a Set-Cookie HTTP although a private area is not required to implement the 

response header of the form: ^y^^^^ and method according to the invention. In the public 

Set-Cookie; name= VALUE; expires=DATE; 50 area, a user can browse through documents without 

path=»PArH;domain=DOMAIN__NAME; secure. restriction, while the private area is open only to users 

For example, when it requests an HTML document from a passing through a one-time registration process. The secure 

network address on server 58, the browser determines area 78 requires a user to enter a user identification and a 

whether the address matches or corresponds to the addresses password each time the user enters the secure area, 

or paths specified in any of the stored information within the 55 Using the present invention, the method of tracking a user 

client identifier. For each match, the browser transmits the depends upon whether the user has accessed a secure area 

name and value of the information within the client identifier 78. Prior to accessing a sectire area 78, the server 58 tracks 

with the HTML document request. The format of the trans- the user based upon the GUID stored in the client identifier 

mission is: on the client computer 20. After the user has accessed the 

Cookie: namel^VALUEl; name2=VALUE2; ... 60 secure area 78, the system tracks the user based upon a user 

The attributes of the Set- Cookie header are: identification entered by the user. 

name= VALUE FIG. 3 shows a method of tracking 80 prior to a user 

This attribute specifies the name and content of the client accessing the secure area 78. Process block 82 indicates that 

identifier data and is the only required attribute on the a user navigates client 20 to a network address (e.g., 

Set-Cookie header. The name and its value can be any 65 Uniform Resource Locator) so that a document, such as 

sequence of characters, except semi-colon, comma and document 60 (FIG. 2), is displayed in window 68 of the 

white space. For example, this attribute can have the name client computer 20. If this is the first time the user has 
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accessed server 58, a GUID is generated, and the Uniform Process block 102 indicates that the GUID is separately 

Resource Locator for the server and the GUID are placed in stored in a field within the database entry. This field is used 

the client identifier on the client computer 20, Additionally, for a comparison with the GUID subsequently sent from the 

a new database entry on the server 58 is opened for the client client computer 20, as is further described below, 

using the GUID as a key to accessing the database. 5 Method of Tracking after Entering the Secure Area 

Assuming, however, that the user has already accessed the ^ shows the tracking method 80 as a user enters 

site 58 and that a GUID has been stored in the client P^^^^> Private and secure areas after the key is switched 

identifier, the client 20 passes the GUID to the server (step ^^f^ ^^^ID to the user identification. 

Process block 106 mdicates that the user is browsing a 

Process block 86 indicates that the server 58 uses the lO P^bhc,pnva^^ 

GUID to access a database entry associated with the user. " p^^es^ Mock 108 indicates that the client 20 passes the 

pie datable entry contains information relaung to the user. ^^^^^ -^^^^ ^^^^ -^^^^^^^ q^jj^ ^J^^ 

For example, the entry may record the user's activities or the identification, to the server 58. 

entry may contain information needed to customize docu- p.^^^^ ^^^^^ indicates that the server 58 uses the 

ments displayed to the user. 15 identification as a key to accessing the database entry 

Process blocks 88, 90 and 92 indicate actions taken when associated with the user. Thus, user information stored in a 
a user enters a public area, a private area, or a secure area, database entry can be accessed to provide customized con- 
respectively. Process block 88 shows that a user accessing a tent to the user or additional information about the user's 
public area may be shown customized documents based on browsing characteristics can be stored in the database entry, 
customization the user previously selected that is stored in 20 The database entry also has a field that includes a GUID 
the database entry. which is stored as shown in process block 102 (FIG. 4). 

Process block 90 indicates actions taken by the server Process block 112 indicates that the GUID stored in the 

when the user accesses a private area on the server 58. The client identifier and received from the client is compared to 

server 58 checks the database entry associated with the user the GUID stored in the database entry, 

by using the GUID as a key, as described above. The server 25 Process blocks 114 and 116 represent actions taken by the 

then checks a registration field in the database entry that server 58 in the public and private areas, respectively. In 

indicates whether the user has previously registered. If the both process blocks 114 and 116, if the GUID's checked in 

user has not registered, the user must go through a registra- process block 112 are equivalent, the user is provided 

tion process. Usually the registration process requires the customized content that is stored in the database entry. If the 

user to enter personal information or requires the user to 30 GUlDs are different, the user is either presented with an 

answer questions. After having registered, the registration error or generic, uncustomized content. Thus, a heightened 

field in the database is changed to indicate that the user has level of authentication is achieved by ensuring that the 

now registered. If the user leaves the private area and user's customized data is not displayed unless the check 

returns, the server 58 again checks the database entry and shows that the user is genuine, 

determines that the user has aheady registered. As a result, 35 Process block 118 shows that the user must still enter a 

the user is given automatic access to the private area without ^scr identification and password to enter the secure area, 

further registration. Such registration checking is transparent Having illustrated and described the principles of the 

to the user. invention in a preferred embodiment, it should be apparent 

Process block 92 indicates actions taken when the user lo Itose skilled in the art that the embodiment can be 

tries to access a secure area on the server 58. The server 58 40 modified in arrangement and detail without departing from 

displays a document to the user that requests a user identi- such principles. 

ficalion and password. Addidonally, if the user has not For example, although the system and method is 

previously entered a user identification and password, the described as having the user identification and GUID within 

user is offered a sign-up process through which the user must the same client identifier, they may be stored in separate 

pass in order to enter the secure area. If the user previously 45 client identifiers. 

entered a user identification and password, it is stored in the Additionally, although the token associated with the chent 

database entry. Upon entering the proper user identification computer is described as the GUID, other tokens for iden- 

and password, the server 58 compares the user-entered user lifying the cUent computer may be used, 

identification and password to that stored in the database yicw of the many possible embodiments to which the 

entry. Only if the two match, is the user allowed to access the 50 principles or invention may be applied, it should be recog- 

secure area. nized that the illustrated embodiment is only a preferred 

Steps Taken upon Entering the Secure Area example of the invention and should not be taken as a 

FIG. 4 shows additional steps in the method of tracking 80 limitation on the scope of the invention. Rather, the inven- 

after the user accesses the secure area. Process block 96 tio" is defined by the foUowing claims. We therefore claim 

shows that the server 58 receives the user identification 55 as the invention all such embodiments that come within the 

entered by the user. scope of these claims. 

Process block 98 shows that the server no longer uses the We claim: 

GUID as the key to the database entry. Instead, the GUID is 1- ^ method of tracking a user on a cUent computer as the 

replaced as the key with the user identification entered by the user accesses secure and non-secure areas on a network 

uscf go server computer, comprising the steps of: 

Process block 100 shows that the user identification and upon first accessing a non-secure area, assigning a token 

the GUID are both stored in the client identifier or cookie on representing the user wherein the token does not con- 

the client computer 20. The user identification can be stored tain a user identification and using the token as a key 

in the "name=VALUE" attribute described above. for accessing a database entry associated with the user 

Alternatively, the user identification can be stored in other 65 on the server computer; 

attributes described above or other attributes can be created upon first accessing the secure area, receiving a user 

for storing the user identification. identification associated with the user; 
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after accessing the secured area, replacing the token with 
the user identification as the key to the database entry; 
and 

the database entry including customization information 
associated with the user. ^ 

2. The method of claim 1 further including: 

storing the token, the iiser identification, and a network 

address associated with the server computer in local 

storage on the client computer; and 
receiving the token and the user identification from the 

client computer upon subsequent accessing by the user 

of the network address. 

3. The method of claim 2 further including: 

upon first accessing the non-secure or secure areas on the ^5 
server computer, storing customization information 
associated with the user in the database entry; 

upon subsequent accessing of the non-secure or secure 
areas, retrieving the customization information stored 
in the database entry by using the user identification to 20 
access the database entry; and 

returning to the client computer, a document customized 
according to the customization information. 

4. The method of claim 3 further including: 
storing a copy of the token within the database entry; 
upon subsequent accessing of the server computer, com- 
paring the copy of the token stored in the database entry 
to the token received from die client computer; 

if the tokens match, returning a document customized 30 
according to the customization information to the client 
computer; and 

if the tokens do not match, returning a generic, uncus- 
tomized document to the client computer. 

5. The method of claim 1 further including: 35 
during first accessing of the server computer, obtaining 

customization information from the user; and 
storing the customization information in the database 
entry. 

6. The method of claim 5 further including: 
prior to accessing the secure area: 

(a) receiving the token from the client computer; 

(b) accessing the database entry on the server computer 
using the token; and 

(c) returning a document to the client computer that is 
customized in accordance with the customization 
information stored in the database entry; 

after accessing the secure area: 

(a) receiving the user identification and the token from jq 
the local storage on the client computer; 

(b) accessing the database entry on the server computer 
using the user identification; and 

(c) checking the token received from the client com- 
puter by comparing the token to information stored 55 
within the database entry. 

7. The method of claim 1 wherein the non-secure area 
includes a public area and a private area. 

8. The method of claim 1 wherein the token is a globally 
unique identifier, 

9. The method of claim 6 further including: 

upon first accessing the private area, requesting registra- 
tion information and storing information in the data- 
base entry indicating that the user has registered. 

10. The method of claim 9 further including: 55 
upon subsequent accessing the private area, checking the 

database entry to verify that the user previously 
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registered, and if the user already registered, allowing 
the user to access the private area without further 
registration. 

11. The method of claim 1 further including requesting a 
user identification and password each time the user enters a 
secure area and comparing the user identification and pass- 
word to stored information in the database entry on the 
server computer. 

12. A method of tracking a user on a computer network, 
comprising the steps of: 

connecting to the computer network from the client 
computer, the computer network having a plurality of 
server computers associated with a plurality of content 
providers; 

assigning a token to the user;: 

accessing a secure area on a server computer having a 
predetermined network address; 

requesting a user identification from the user, 

upon receiving the \iser identification fi-om the user, 
providing a database entry that is accessible by using 
the user identification; 

storing the user identification and the token on the client 
computer, the user identification being passed to the 
server when the user subsequently accesses the prede- 
termined network address; 

receiving from the client computer, both the token and the 
user identification. 

13. The method of claim 12 further including: 
accessing a non-secure area on the server computer and 

assigning a token associated with the tiser; 
storing the token and the tiser identification on the client 

computer; and 
upon subsequent accessing of the non -secure area, 

receiving, from the client computer, the token and the 

user identifier. 

14. The method of claim 12 further including: 
storing a copy of the token in the database entry on the 

server computer; and 
upon receiving the token from the client computer, com- 
paring the token to the copy of the token in the database 
entry. 

15. The method of claim 14 further including: 

upon first accessing the non-secure area, storing customi- 
zation information associated with the user in the 
database entry; and 

providing customized information to the user if the copy 
of the token in the database entry matches the token 
received from the client computer. 

16. The method of claim 15 further including: 
providing generic, uncustomized information to the user 

if the copy of the token in the database entry does not 
match the token received from the cUent computer. 

17. A method of tracking user access of secure and 
non-secure areas on a network server computer, comprising 
the steps of: 

during first accessing of a non-secure area on the server, 
storing a globally unique identifier, associated with the 
user, in local storage on a client computer; 

storing information associated with the user's browsing 
characteristics in a database entry on the server com- 
puter using the globally unique identifier as a key to 
accessing the stored information; 

during first accessing a secure area on the server, request- 
ing a user identification and a user password as a 
prerequisite to entering the secure area; 
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changing the key to the database entry from the globally 

unique identifier to the user identification; 
storing the user identification and the globally unique 

identifier in the local storage on the client computer; 
storing a copy of the globally unique identifier in the ^ 

database entry; 
during subsequent accessing of the non-secure area, 

receiving the user identification and the globally unique 

identifier from the client computer; 
accessing the database using the user identification; 
comparing the copy of the globally unique identifier in the 

database entry to the globally unique identifier received 

from the client computer; 
if both globally unique identifiers match, providing per- 15 

sonalized content to the user and if both globally 

unique identifiers do not match, providing generic 

content to the user. 

18. A computer system comprising: 

a server computer having memory for storing a database 

and having secure and non-secure areas; 
a client computer having local memory and a display for 

displaying an interactive environment that allows a user 

to access the secure and non-secure areas on the server 

computer; 

a communication network for coupling the server com- 
puter and the client computer for allowing communi- 
cation therebetween; 

means on the client computer for storing in the local 30 
memory a user identification entered by the user and a 
globally unique identifier and for passing the user 
identification and globally unique identifier to the 
server computer when accessing a secure or non-secure 
area; and 35 

means on the server computer for using the user identi- 
fication as a key to accessing a database entry in the 
database and for comparing a globally unique identifier 
stored in the database entry to the globally unique 
identifier received from the client computer. 40 

19. The computer system of claim 18, further including 
means for providing personalized content when the globally 
unique identifier stored in the database entry and the glo- 
bally unique identifier stored on the client computer match. 

20. A method of tracking a user on a client computer as 45 
the user accesses secure and non-secure areas on a network 
server computer, comprising the steps of: 

upon first accessing a non-secure area, assigning a token 

representing the user and using the token as a key for 

accessing a database entry associated with the user on 50 

the server computer; 
upon first accessing the secure area, receiving a user 

identification associated with the user; 
replacing the token with the user identification as the key 

to the database entry; 
storing the token, the user identification, and a network 

address associated with the server computer in local 

storage on the client computer; 
receiving the token and the user identification from the 

client computer upon subsequent accessing by the user 

of the network address; 
upon first accessing the non-secure or secure areas on the 

server computer, storing customization information 

associated with the user in the database entry; ^5 
upon subsequent accessing of the non-secure or secure 

areas, retrieving the customization information stored 
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in the database entry by using the user identification to 
access the database entry; 

reluming to the client computer, a document customized 
according to the customization information; 

storing a copy of the token within the database entry; 

upon subsequent accessing of the server computer, com- 
paring the copy of the token stored in the database entry 
to the token received from the client computer; 

if the tokens match, returning a document customized 
according to the customization information to the client 
computer; and 

if the tokens do not match, returning a generic, uncus- 
tomized document to the client computer. 

21. A method of tracking a user on a client computer as 
the user accesses secure and non-secure areas on a network 
server computer, comprising the steps of: 

upon first accessing a non-secure area, assigning a token 

representing the user and using the token as a key for 

accessing a database entry associated with the user on 

the server computer; 
upon first accessing the secure area, receiving a user 

identification associated with the user; 
replacing the token with the user identification as the key 

to the database entry; 
during first accessing of the server computer, obtaining 

customization information from the user; 
storing the customization information in the database 

entry; 

prior to accessing the secure area: 

(a) receiving the token from the ctient computer; 

(b) accessing the database entry on the server computer 
using the token; and 

(c) returning a document to the client computer that is 
customized in accordance with the customization 
information stored in the database entry; 

after accessing the secure area: 

(a) receiving the user identification and the token from 
the local storage on the client computer; 

(b) accessing the database entry on the server computer 
using the user identification; and 

(c) checking the token received from the client com- 
puter by comparing the token to information stored 
within the database entry. 

22. The method of claim 21 further including: 

upon first accessing the private area, requesting registra- 
tion information and storing information in the data- 
base entry indicating that the, user has registered. 

23. The method of claim 22 further including: 

upon subsequent accessing the private area, checking the 
database entry to verify that the user previously 
registered, and if the user already registered, allowing 
the user to access the private area without further 
registration. 

24. A method of tracking a user on a computer network, 
comprising the steps of: 

connecting to the computer network from the client 
computer, the computer network having a plurality of 
server computers associated with a plurality of content 
providers; 

accessing a secure area on a server computer having a 

predetermined network address; 
requesting a user identification from the user; 
upon receiving the user identification firom the user, 

providing a database entry that is accessible by using 

the user identification; 
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Storing the user identification on the client computer, the 
user identification being passed to the server when the 
user subsequently accesses the predetennined network 
address; 

accessing a non^secure area on the server computer and 

assigning a token associated with the user; 
storing the token and the user identification on the client 

computer; and 
upon subsequent accessing of the non -secure area, 

receiving, from the client computer, the token and the 

user identifier. 
25. A method of tracking a user on a client computer as 
the user accesses secure and non-secure areas on a network 
server computer, comprising the steps of: 

upon first accessing a non-secure area, assigning a token 

representing the user and using the token as a key for 

accessing a database entry associated with the user on 

the server computer; 
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upon first accessing the secure area, receiving a user 
identification associated with the user; 

replacing the token with the user identification as the key 

to the database entry; 
storing customization information associated with the 

user in the database entry; 

storing a copy of the token within the database entry and 
comparing the copy with a token received from the 
client computer; if the tokens match, returning a docu- 
ment customized according to the customization infor- 
mation; and 

if the tokens do not match, returning a generic, uncus- 
tomized document to the client computer. 

4t « * ♦ 4 
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